root/platform/a3000/sub/100d/boot.c


DEFINITIONS

This source file includes the following definitions.
  1. taskCreateHook
  2. taskCreateHook2
  3. boot
  4. sub_FFC00358_my
  5. sub_FFC0119C_my
  6. sub_FFC05E5C_my
  7. taskcreate_Startup_my
  8. task_Startup_my
  9. spytask
  10. CreateTask_spytask
  11. CreateTask_PhySw
  12. init_file_modules_task
  13. sub_FFC6CF5C_my
  14. sub_FFC52014_my
  15. sub_FFC51C3C_my
  16. sub_FFC5195C_my

   1 #include "lolevel.h"
   2 #include "platform.h"
   3 #include "core.h"
   4 #include "stdlib.h"
   5 #include "dryos31.h"
    6 #define offsetof(TYPE, MEMBER) ((int) &((TYPE *)0)->MEMBER)
      // NOTE(review): local re-definition of the standard offsetof macro with the result cast
      // to int; nothing in the part of the file visible here uses it.
    7 const char * const new_sa = &_end;
      // new_sa holds the address of _end (declared outside this listing; presumably the linker
      // symbol marking the end of the CHDK image - confirm). sub_FFC0119C_my loads it in place
      // of the firmware constant 0x133D38 unless CHDK_NOT_IN_CANON_HEAP is defined.
    8 
    9 
   10 // Forward declarations
   11 void CreateTask_PhySw();
   12 void CreateTask_spytask();
   13 void task_CaptSeqTask_my();   // not defined in this listing; referenced by taskCreateHook
   14 void taskCreateHook(int *p) { 
      // Task-creation hook; sub_FFC00358_my stores its address at 0x1930 and 0x1938.
      // Steps p back by 17 ints and, when the word found there equals one of four fixed
      // firmware addresses, overwrites that word with the address of a replacement routine.
      // NOTE(review): presumably the word is the entry point of the task being created and p
      // is supplied by the firmware - confirm against the DryOS task layout. p is not
      // validated here, and the (int) casts assume a pointer fits in an int (32-bit target).
   15 p-=17;
   16 if (p[0]==0xFFC736C4)  p[0]=(int)init_file_modules_task;   // replacement defined in this file
   17 if (p[0]==0xFFC5C1E8)  p[0]=(int)task_CaptSeqTask_my;      // forward-declared above, defined elsewhere
   18 if (p[0]==0xFFC95048)  p[0]=(int)exp_drv_task;             // declared outside this listing
   19 if (p[0]==0xFFD138CC)  p[0]=(int)movie_record_task;        // declared outside this listing
   20 }
  21 
   22 void taskCreateHook2(int *p) { 
      // Second task-creation hook; sub_FFC00358_my stores its address at 0x1934.
      // Same mechanism as taskCreateHook, but only two of the four addresses are redirected
      // (0xFFC5C1E8 and 0xFFD138CC are left alone on this path).
      // NOTE(review): which firmware path invokes the 0x1934 slot is not visible here.
   23 p-=17;
   24 if (p[0]==0xFFC736C4)  p[0]=(int)init_file_modules_task;   // replacement defined in this file
   25 if (p[0]==0xFFC95048)  p[0]=(int)exp_drv_task;             // declared outside this listing
   26 }
  27 
   28 void __attribute__((naked,noinline)) boot() {
      // Entry point of the patched boot sequence. The function is naked (no compiler prologue or
      // epilogue) and consists of one asm block that programs CP15 and memory-mapped registers,
      // copies data from 0xFFF03620 into RAM at 0x1900..0xB294, zero-fills 0xB294..0x133D38 and
      // then branches to sub_FFC00358_my where the original code branched to loc_FFC00358.
      // The loc_FFCxxxxx labels suggest the sequence mirrors the firmware's own start-up code -
      // TODO confirm against the disassembly. All constants are specific to this firmware build.
   29 
   30     asm volatile (
              // Write 0 to the register at 0xC0410000 (purpose not visible here).
   31         "LDR     R1, =0xC0410000\n"
   32         "MOV     R0, #0\n"
   33         "STR     R0, [R1]\n"
              // CP15 c1 (control register) <- 0x78, then three c7 operations with R1 = 0
              // (on ARM9-family cores these are write-buffer drain and cache invalidates - confirm core type).
   34         "MOV     R1, #0x78\n"
   35 "loc_FFC0001C:\n"
   36         "MCR     p15, 0, R1,c1,c0\n"
   37         "MOV     R1, #0\n"
   38         "MCR     p15, 0, R1,c7,c10, 4\n"
   39 "loc_FFC00028:\n"
   40         "MCR     p15, 0, R1,c7,c5\n"
   41         "MCR     p15, 0, R1,c7,c6\n"
              // CP15 c6,c0..c5 <- six region descriptors (presumably memory-protection regions).
   42         "MOV     R0, #0x3D\n"
   43         "MCR     p15, 0, R0,c6,c0\n"
   44         "MOV     R0, #0xC000002F\n"
   45         "MCR     p15, 0, R0,c6,c1\n"
   46         "MOV     R0, #0x31\n"
   47         "MCR     p15, 0, R0,c6,c2\n"
   48         "LDR     R0, =0x10000031\n"
   49         "MCR     p15, 0, R0,c6,c3\n"
   50         "MOV     R0, #0x40000017\n"
   51         "MCR     p15, 0, R0,c6,c4\n"
   52         "LDR     R0, =0xFFC0002B\n"
   53         "MCR     p15, 0, R0,c6,c5\n"
              // CP15 c2 / c3 <- 0x34 and c5 <- 0x3333330: per-region attribute and permission
              // masks (presumably cacheable/bufferable bits and access permissions - confirm).
   54         "MOV     R0, #0x34\n"
   55         "MCR     p15, 0, R0,c2,c0\n"
   56         "MOV     R0, #0x34\n"
   57         "MCR     p15, 0, R0,c2,c0, 1\n"
   58         "MOV     R0, #0x34\n"
   59         "MCR     p15, 0, R0,c3,c0\n"
   60         "LDR     R0, =0x3333330\n"
   61         "MCR     p15, 0, R0,c5,c0, 2\n"
   62         "LDR     R0, =0x3333330\n"
   63         "MCR     p15, 0, R0,c5,c0, 3\n"
              // Read-modify-write of the control register: set bits 0x1000, 0x4 and 0x1.
   64         "MRC     p15, 0, R0,c1,c0\n"
   65         "ORR     R0, R0, #0x1000\n"
   66         "ORR     R0, R0, #4\n"
   67         "ORR     R0, R0, #1\n"
   68         "MCR     p15, 0, R0,c1,c0\n"
              // CP15 c9,c1 <- 0x40000006 and 6, then set bits 0x50000 in the control register
              // (presumably tightly-coupled-memory setup and enable - confirm).
   69         "MOV     R1, #0x40000006\n"
   70         "MCR     p15, 0, R1,c9,c1\n"
   71         "MOV     R1, #6\n"
   72         "MCR     p15, 0, R1,c9,c1, 1\n"
   73         "MRC     p15, 0, R1,c1,c0\n"
   74         "ORR     R1, R1, #0x50000\n"
   75         "MCR     p15, 0, R1,c1,c0\n"
              // Peripheral block at 0xC0200000: write 1 at +0x10C, then 0xFF at +0xC, +0x1C ... +0xFC
              // (sixteen registers spaced 0x10 apart; their meaning is not visible here).
   76         "LDR     R2, =0xC0200000\n"
   77         "MOV     R1, #1\n"
   78         "STR     R1, [R2,#0x10C]\n"
   79         "MOV     R1, #0xFF\n"
   80         "STR     R1, [R2,#0xC]\n"
   81         "STR     R1, [R2,#0x1C]\n"
   82         "STR     R1, [R2,#0x2C]\n"
   83         "STR     R1, [R2,#0x3C]\n"
   84         "STR     R1, [R2,#0x4C]\n"
   85         "STR     R1, [R2,#0x5C]\n"
   86         "STR     R1, [R2,#0x6C]\n"
   87         "STR     R1, [R2,#0x7C]\n"
   88         "STR     R1, [R2,#0x8C]\n"
   89         "STR     R1, [R2,#0x9C]\n"
   90         "STR     R1, [R2,#0xAC]\n"
   91         "STR     R1, [R2,#0xBC]\n"
   92         "STR     R1, [R2,#0xCC]\n"
   93         "STR     R1, [R2,#0xDC]\n"
   94         "STR     R1, [R2,#0xEC]\n"
   95         "STR     R1, [R2,#0xFC]\n"
   96         "LDR     R1, =0xC0400008\n"
   97         "LDR     R2, =0x430005\n"
   98         "STR     R2, [R1]\n"
              // NOTE(review): as written, the next three instructions store 0xC0243100 to address 1
              // (R1 is the address, R2 the value) - confirm against the firmware disassembly.
   99         "MOV     R1, #1\n"
  100         "LDR     R2, =0xC0243100\n"
  101         "STR     R2, [R1]\n"
              // Set bit 0 of the register at 0xC0242010.
  102         "LDR     R2, =0xC0242010\n"
  103         "LDR     R1, [R2]\n"
  104         "ORR     R1, R1, #1\n"
  105         "STR     R1, [R2]\n"
              // Copy words from 0xFFF03620 to RAM starting at 0x1900 while the destination is below 0xB294.
  106         "LDR     R0, =0xFFF03620\n"
  107         "LDR     R1, =0x1900\n"
  108         "LDR     R3, =0xB294\n"
  109 "loc_FFC0013C:\n"
  110         "CMP     R1, R3\n"
  111         "LDRCC   R2, [R0],#4\n"
  112         "STRCC   R2, [R1],#4\n"
  113         "BCC     loc_FFC0013C\n"
              // Zero-fill from 0xB294 (R3) up to 0x133D38; the same constant 0x133D38 appears
              // again in sub_FFC0119C_my, where CHDK may substitute new_sa for it.
  114         "LDR     R1, =0x133D38   \n"
  115         "MOV     R2, #0\n"
  116 "loc_FFC00154:\n"
  117         "CMP     R3, R1\n"
  118         "STRCC   R2, [R3],#4\n"
  119         "BCC     loc_FFC00154\n"
              // Hand-off: the original branch target is kept as a comment, the patched copy is used instead.
  120         //"B       loc_FFC00358\n"
  121                 "B       sub_FFC00358_my\n" // ---------------->
  122     );
  123 };
 124 
  125 void __attribute__((naked,noinline)) sub_FFC00358_my() {
      // Patched copy of the firmware code at loc_FFC00358, reached from boot(). Before the firmware
      // instructions run, it installs the CHDK task-creation hooks and a power-on value in low RAM.
      // NOTE(review): this is a naked function that contains C statements; GCC documents only basic
      // asm as safe inside naked functions, so this relies on the compiler emitting plain stores.
      // The three hook slots below lie inside the 0x1900..0xB294 range that boot() fills from ROM,
      // so they are written after that copy and are not overwritten by it.
  126     *(int*)0x1930=(int)taskCreateHook; 
  127     *(int*)0x1934=(int)taskCreateHook2; 
  128     *(int*)0x1938=(int)taskCreateHook;          
  129     /* Power ON/OFF detection */
          // Bit 0 of the register at 0xC02200A8 selects which of two values is stored at 0x21B4.
  130         *(int*)(0x21B4)= (*(int*)0xC02200A8)&1 ? 0x200000 : 0x100000; // @ FFC43E14 replacement  for correct power-on.
  131 
  132                 asm volatile (  
  133 "loc_FFC00358:\n"
              // Copy words from ROM 0xFFC003D0..0xFFC00408 to address 0
              // (presumably the exception vector area - confirm).
  134         "LDR     R0, =0xFFC003D0\n"
  135         "MOV     R1, #0\n"
  136         "LDR     R3, =0xFFC00408\n"
  137 "loc_FFC00364:\n"
  138         "CMP     R0, R3\n"
  139         "LDRCC   R2, [R0],#4\n"
  140         "STRCC   R2, [R1],#4\n"
  141         "BCC     loc_FFC00364\n"
              // Copy words from ROM 0xFFC00408..0xFFC0061C to RAM at 0x4B0.
  142         "LDR     R0, =0xFFC00408\n"
  143         "MOV     R1, #0x4B0\n"
  144         "LDR     R3, =0xFFC0061C\n"
  145 "loc_FFC00380:\n"
  146         "CMP     R0, R3\n"
  147         "LDRCC   R2, [R0],#4\n"
  148         "STRCC   R2, [R1],#4\n"
  149         "BCC     loc_FFC00380\n"
              // CPSR <- 0xD2 (mode bits 0x12 = IRQ, I and F bits set), SP = 0x1000;
              // CPSR <- 0xD3 (mode bits 0x13 = Supervisor, I and F bits set), SP = 0x1000.
  150         "MOV     R0, #0xD2\n"
  151         "MSR     CPSR_cxsf, R0\n"
  152         "MOV     SP, #0x1000\n"
  153         "MOV     R0, #0xD3\n"
  154         "MSR     CPSR_cxsf, R0\n"
  155         "MOV     SP, #0x1000\n"
              // Fill 0x6C4..0x1000 with the pattern 0xEEEEEEEE (presumably a stack fill marker).
  156         "LDR     R0, =0x6C4\n"
  157         "LDR     R2, =0xEEEEEEEE\n"
  158         "MOV     R3, #0x1000\n"
  159 "loc_FFC003B4:\n"
  160         "CMP     R0, R3\n"
  161         "STRCC   R2, [R0],#4\n"
  162         "BCC     loc_FFC003B4\n"
              // Continue in the patched copy of sub_FFC0119C; the words after the original BL
              // are kept only as a comment and are never executed from here.
  163         //"BL      sub_FFC0119C\n"
  164         "BL      sub_FFC0119C_my\n"
  165 /*
  166 "loc_FFC003C4:\n"
  167         "ANDEQ   R0, R0, R4,ASR#13\n"
  168 "loc_FFC003C8:\n"
  169         "ANDEQ   R0, R0, R0,ROR R6\n"
  170 "loc_FFC003CC:\n"
  171         "ANDEQ   R0, R0, R4,ROR R6\n"
  172 "loc_FFC003D0:\n"
  173         "NOP\n"
  174         "LDR     PC, =0xFFC0061C\n"
  175 */
  176   );                            
  177 };
 178 
 179 
  180 void __attribute__((naked,noinline)) sub_FFC0119C_my() { 
      // Patched head of the firmware routine sub_FFC0119C, called from sub_FFC00358_my. It builds a
      // 0x74-byte parameter block on the stack, with two substitutions (the start address stored at
      // [SP,#8] and the routine address loaded into R1), then jumps into the firmware at 0xffc011f0.
      // The commented-out tail is the remainder of the original routine, which now runs from ROM
      // and is what releases the stack frame and pops the saved LR.
  181         asm volatile (
  182         "STR     LR, [SP,#-4]!\n"
  183         "SUB     SP, SP, #0x74\n"
              // sub_FFE8D78C(SP, 0x74): presumably clears the block - confirm.
  184         "MOV     R0, SP\n"
  185         "MOV     R1, #0x74\n"
  186         "BL      sub_FFE8D78C\n"
  187         "MOV     R0, #0x53000\n"
  188         "STR     R0, [SP,#4]\n"
              // Start address: the firmware constant 0x133D38, or the value of new_sa (&_end) when
              // CHDK_NOT_IN_CANON_HEAP is not defined - presumably so the firmware's memory pool
              // begins above the loaded CHDK image (confirm).
  189 #if defined(CHDK_NOT_IN_CANON_HEAP)
  190         "LDR     R0, =0x133D38\n"
  191 #else
  192                  "LDR     R0, =new_sa\n"        // +
  193                  "LDR     R0, [R0]\n"           // +    
  194 #endif
  195         "LDR     R2, =0x279C00\n"
  196         "LDR     R1, =0x2724A8\n"
  197         "STR     R0, [SP,#8]\n"
              // R0 = 0x2724A8 - start, so this field shrinks when the start address is raised.
  198         "SUB     R0, R1, R0\n"
  199         "ADD     R3, SP, #0xC\n"
  200         "STR     R2, [SP]\n"
              // Stores R0, R1, R2 at SP+0xC, SP+0x10 and SP+0x14.
  201         "STMIA   R3, {R0-R2}\n"
  202         "MOV     R0, #0x22\n"
  203         "STR     R0, [SP,#0x18]\n"
  204         "MOV     R0, #0x68\n"
  205         "STR     R0, [SP,#0x1C]\n"
  206         "LDR     R0, =0x19B\n"
              // R1 carries the address of the patched routine in place of sub_FFC05E5C; how the
              // firmware uses R0 and R1 after 0xffc011f0 is not visible in this listing.
  207         //"LDR     R1, =sub_FFC05E5C\n"
  208         "LDR     R1, =sub_FFC05E5C_my\n"
  209         "LDR     PC, =0xffc011f0\n" // jump back to fw
  210         /*
  211         "STR     R0, [SP,#0x20]\n"
  212         "MOV     R0, #0x96\n"
  213         "STR     R0, [SP,#0x24]\n"
  214         "MOV     R0, #0x78\n"
  215         "STR     R0, [SP,#0x28]\n"
  216         "MOV     R0, #0x64\n"
  217         "STR     R0, [SP,#0x2C]\n"
  218         "MOV     R0, #0\n"
  219         "STR     R0, [SP,#0x30]\n"
  220         "STR     R0, [SP,#0x34]\n"
  221         "MOV     R0, #0x10\n"
  222         "STR     R0, [SP,#0x5C]\n"
  223         "MOV     R0, #0x800\n"
  224         "STR     R0, [SP,#0x60]\n"
  225         "MOV     R0, #0xA0\n"
  226         "STR     R0, [SP,#0x64]\n"
  227         "MOV     R0, #0x280\n"
  228         "STR     R0, [SP,#0x68]\n"
  229         "MOV     R0, SP\n"
  230         "MOV     R2, #0\n"
  231         "BL      sub_FFC03408\n"
  232         "ADD     SP, SP, #0x74\n"
  233         "LDR     PC, [SP],#4\n"
  234         */
  235         );
  236 }; 
 237 
  238 void __attribute__((naked,noinline)) sub_FFC05E5C_my() {
      // Patched copy of firmware routine sub_FFC05E5C; its address is handed to the firmware by
      // sub_FFC0119C_my. It runs a fixed series of firmware calls and, whenever one returns a
      // negative value, loads a ROM address into R0 and calls sub_FFC05F50 (presumably an error
      // reporter taking a message pointer - confirm). The only change from the original is the
      // final branch, which goes to taskcreate_Startup_my instead of sub_FFC105BC.
  239         asm volatile (
  240         "STMFD   SP!, {R4,LR}\n"
  241         "BL      sub_FFC00B24\n"
  242         "BL      sub_FFC0A838\n"
  243         "CMP     R0, #0\n"
  244         "LDRLT   R0, =0xFFC05F70\n"
  245         "BLLT    sub_FFC05F50    \n"
  246         "BL      sub_FFC05A98\n"
  247         "CMP     R0, #0\n"
  248         "LDRLT   R0, =0xFFC05F78\n"
  249         "BLLT    sub_FFC05F50\n"
  250         "LDR     R0, =0xFFC05F88\n"
  251         "BL      sub_FFC05B80\n"
  252         "CMP     R0, #0\n"
  253         "LDRLT   R0, =0xFFC05F90\n"
  254         "BLLT    sub_FFC05F50\n"
  255         "LDR     R0, =0xFFC05F88\n"
  256         "BL      sub_FFC03BF4\n"
  257         "CMP     R0, #0\n"
  258         "LDRLT   R0, =0xFFC05FA4\n"
  259         "BLLT    sub_FFC05F50\n"
  260         "BL      sub_FFC0A230\n"
  261         "CMP     R0, #0\n"
  262         "LDRLT   R0, =0xFFC05FB0\n"
  263         "BLLT    sub_FFC05F50\n"
  264         "BL      sub_FFC01680\n"
  265         "CMP     R0, #0\n"
  266         "LDRLT   R0, =0xFFC05FBC\n"
  267         "BLLT    sub_FFC05F50\n"
              // Restore R4/LR first so the branch below is a tail call that returns to our caller.
  268         "LDMFD   SP!, {R4,LR}\n"
  269         //"B       sub_FFC105BC\n"
  270                 "B       taskcreate_Startup_my\n" //---------->
  271         );
  272 }; 
 273 
 274 
 275 
  276 void __attribute__((naked,noinline)) taskcreate_Startup_my() { 
      // Patched copy of the firmware routine at sub_FFC105BC, reached from sub_FFC05E5C_my.
      // After three firmware checks it either halts (writes 0x44 to 0xC0220048 and spins forever)
      // or continues and creates the start-up task through sub_FFC0F110, passing task_Startup_my
      // in R3 where the firmware used the address 0xFFC10560. Two changes from the original:
      // the call to sub_FFC23A80 is dropped and the task routine is replaced.
  277         asm volatile (  
  278         "STMFD   SP!, {R3,LR}\n"
  279         "BL      sub_FFC23A78\n"
  280         "BL      sub_FFC2AF84\n"
  281         "CMP     R0, #0\n"
  282         "BNE     loc_FFC105F8\n"
  283         "BL      sub_FFC2526C\n"
  284         "CMP     R0, #0\n"
  285         "BEQ     loc_FFC105F8\n"
  286         "BL      sub_FFC23A74\n"
  287         "CMP     R0, #0\n"
  288         "BNE     loc_FFC105F8\n"
              // None of the three checks branched away: write 0x44 to 0xC0220048 and loop forever
              // (presumably a power-off request followed by a wait - confirm).
  289         "LDR     R1, =0xC0220000\n"
  290         "MOV     R0, #0x44\n"
  291         "STR     R0, [R1,#0x48]\n"
  292 "loc_FFC105F4:\n"
  293         "B       loc_FFC105F4\n"
  294 "loc_FFC105F8:\n"
              // NOTE(review): the only power-on replacement visible in this listing is the 0x21B4
              // store in sub_FFC00358_my, not in boot() - confirm which one the next comment means.
  295         //"BL      sub_FFC23A80\n" // removed, see boot() function
  296         "BL      sub_FFC23A7C\n"
  297         "BL      sub_FFC293A8\n"
  298         "LDR     R1, =0x2CE000\n"
  299         "MOV     R0, #0\n"
  300         "BL      sub_FFC295F0\n"
  301         "BL      sub_FFC2959C\n"
              // Task creation: [SP] = 0, R3 = routine, R2 = 0, R1 = 0x19, R0 = ROM address 0xFFC10640
              // (presumably the task name string; argument meanings are not visible here).
  302         "MOV     R3, #0\n"
  303         "STR     R3, [SP]\n"
  304         //"ADR     R3, 0xFFC10560\n"
  305         "LDR     R3, =task_Startup_my\n" //+ ----------->
  306         "MOV     R2, #0\n"
  307         "MOV     R1, #0x19\n"
  308         "LDR     R0, =0xFFC10640\n"
  309         "BL      sub_FFC0F110\n"
  310         "MOV     R0, #0\n"
  311         "LDMFD   SP!, {R12,PC}\n"
  312  );
  313 }; 
 314 
  315 void __attribute__((naked,noinline)) task_Startup_my() { 
      // Replacement for the firmware start-up task (original routine at 0xFFC10560), installed by
      // taskcreate_Startup_my. It replays the firmware's initialisation calls with three changes:
      // sub_FFC2B058 is skipped so diskboot.bin is not started a second time, sub_FFC23968 is
      // replaced by the two CHDK task creators, and nothing else is added.
      // NOTE(review): C calls sit between two asm blocks inside a naked function; R4 and LR are
      // saved by the first STMFD and restored before the final branch, but GCC only documents
      // basic asm as safe in naked functions - confirm the generated code.
  316         asm volatile (
  317 
  318         "STMFD   SP!, {R4,LR}\n"
  319         "BL      sub_FFC06228\n"
  320         "BL      sub_FFC24B7C\n"
  321         "BL      sub_FFC23414\n"
  322         "BL      sub_FFC2AFC4\n"
  323         "BL      sub_FFC2B1B0\n"
  324         //"BL      sub_FFC2B058\n" // Skip starting diskboot.bin again
  325         "BL      sub_FFC2B34C\n"
  326         "BL      sub_FFC2B1E0\n"
  327         "BL      sub_FFC28840\n"
  328         "BL      sub_FFC2B350\n"
  329         //"BL      sub_FFC23968\n"
  330         );               
  331         CreateTask_PhySw(); // +
  332         CreateTask_spytask();  // +
  333     asm volatile (      
  334         "BL      sub_FFC26EA8\n"
  335         "BL      sub_FFC2B368\n"
  336         "BL      sub_FFC222BC\n"
  337         "BL      sub_FFC22E6C\n"
  338         "BL      sub_FFC2AD5C\n"
  339         "BL      sub_FFC233C8\n"
  340         "BL      sub_FFC22E08\n"
  341         "BL      sub_FFC2BDCC\n"
  342         "BL      sub_FFC22DE0\n"
              // Restore R4/LR, then tail-branch into the firmware routine that ends the task.
  343         "LDMFD   SP!, {R4,LR}\n"
  344         "B       sub_FFC06128\n"
  345         );
  346 }; 
 347 
  348 void spytask(long ua, long ub, long uc, long ud, long ue, long uf)
  349 {
      // Entry routine of the "SpyTask" task created by CreateTask_spytask.
      // All six arguments are ignored; the function only calls core_spytask(), which is
      // declared outside this listing.
  350     core_spytask();
  351 }
  352 void CreateTask_spytask() { 
      // Creates the CHDK task named "SpyTask" with spytask as its routine; called from
      // task_Startup_my. _CreateTask is declared outside this listing, so the meaning of the
      // numeric arguments is assumed: presumably 0x19 is the priority and 0x2000 the stack size
      // (CreateTask_PhySw labels the same value as a stack size) - confirm.
      // The return value is not checked.
  353         _CreateTask("SpyTask", 0x19, 0x2000, spytask, 0);
  354 };
 355 
  356 void __attribute__((naked,noinline)) CreateTask_PhySw() {
      // Patched copy of the firmware routine sub_FFC23968 (see the commented-out call in
      // task_Startup_my). If the word at 0x1BE4+0x10 is zero it creates a task through
      // sub_FFC0F3E8 and stores the result there, so the task is created only once.
      // Changes from the original: the task routine is mykbd_task (declared outside this
      // listing) instead of 0xFFC23934, and R2 is 0x2000 instead of 0x800.
  357         asm volatile ( 
  358         "STMFD   SP!, {R3-R5,LR}\n"
  359         "LDR     R4, =0x1BE4\n"
  360         "LDR     R0, [R4,#0x10]\n"
  361         "CMP     R0, #0\n"
  362         "BNE     loc_FFC2399C\n"
  363         "MOV     R3, #0\n"
  364         "STR     R3, [SP]\n"
  365         //"LDR     R3, =0xFFC23934\n"
  366         //"MOV     R2, #0x800\n"
  367         "LDR     R3, =mykbd_task\n"  // task_phySw
  368             "MOV     R2, #0x2000\n"             // greater Stacksize
  369 
  370 
  371         "MOV     R1, #0x17\n"
  372         "LDR     R0, =0xFFC23B70\n"
  373         "BL      sub_FFC0F3E8    \n"
  374         "STR     R0, [R4,#0x10]\n"
  375 "loc_FFC2399C:\n"
  376         "BL      sub_FFC6AA64\n"
  377         "BL      sub_FFC251E4\n"
  378         "CMP     R0, #0\n"
              // When sub_FFC251E4 returns 0: restore registers and tail-branch to sub_FFC6A9EC
              // with R1 = 0x2EEE0; otherwise return normally.
  379         "LDREQ   R1, =0x2EEE0\n"
  380         "LDMEQFD SP!, {R3-R5,LR}\n"
  381         "BEQ     sub_FFC6A9EC\n"
  382         "LDMFD   SP!, {R3-R5,PC}\n"
              // Not reachable: the LDMFD above loads PC unconditionally (presumably the first
              // instruction of the next firmware routine picked up by the disassembly).
  383         "CMP     R0, #3\n"
  384         );
  385 };
 386 
  387 void __attribute__((naked,noinline)) init_file_modules_task() { 
      // Replacement for the firmware task routine at 0xFFC736C4; the task-creation hooks swap it
      // in. It follows the original flow except that it calls sub_FFC6CF5C_my instead of
      // sub_FFC6CF5C and then calls core_spytask_can_start (declared outside this listing;
      // presumably it tells the spy task that storage initialisation has run - confirm).
  388   asm volatile (
  389 
  390         "STMFD   SP!, {R4-R6,LR}\n"
  391         "BL      sub_FFC6CF30\n"
  392         "LDR     R5, =0x5006\n"
              // R4 keeps the result of sub_FFC6CF30; when it is non-zero, sub_FFC6F7EC(0x5006, 0)
              // is called now, otherwise the same call is made as a tail call at the end.
  393         "MOVS    R4, R0\n"
  394         "MOVNE   R1, #0\n"
  395         "MOVNE   R0, R5\n"
  396         "BLNE    sub_FFC6F7EC\n"
  397         //"BL      sub_FFC6CF5C\n"
  398         "BL      sub_FFC6CF5C_my\n"
  399                 "BL      core_spytask_can_start\n"      // +
  400         "CMP     R4, #0\n"
  401         "MOVEQ   R0, R5\n"
  402         "LDMEQFD SP!, {R4-R6,LR}\n"
  403         "MOVEQ   R1, #0\n"
  404         "BEQ     sub_FFC6F7EC\n"
  405         "LDMFD   SP!, {R4-R6,PC}\n"
  406  );
  407 }; 
 408 
  409 void __attribute__((naked,noinline)) sub_FFC6CF5C_my() { 
      // Patched head of firmware routine sub_FFC6CF5C, called from init_file_modules_task.
      // It only redirects the first call (sub_FFC52014 -> sub_FFC52014_my, with R0 = 3) and then
      // jumps to 0xffc6cf68 so the rest of the routine runs from ROM. The commented-out tail shows
      // that remainder; its final LDMFD pops the R4/LR pair pushed here.
  410  asm volatile (
  411 
  412         "STMFD   SP!, {R4,LR}\n"
  413         "MOV     R0, #3\n"
  414         //"BL      sub_FFC52014\n"
  415         "BL      sub_FFC52014_my\n"
  416         "LDR     PC,=0xffc6cf68\n" // jump back to firmware
  417         /*
  418         "BL      sub_FFCFE338\n"
  419         "LDR     R4, =0x2B70\n"
  420         "LDR     R0, [R4,#4]\n"
  421         "CMP     R0, #0\n"
  422         "BNE     loc_FFC6CF94\n"
  423         "BL      sub_FFC5125C\n"
  424         "BL      sub_FFCF4908\n"
  425         "BL      sub_FFC5125C\n"
  426         "BL      sub_FFC4DCD4\n"
  427         "BL      sub_FFC5115C\n"
  428         "BL      sub_FFCF499C\n"
  429 "loc_FFC6CF94:\n"
  430         "MOV     R0, #1\n"
  431         "STR     R0, [R4]\n"
  432         "LDMFD   SP!, {R4,PC}\n"
  433         */
  434  );
  435 }; 
 436 
 437 
  438 void __attribute__((naked,noinline)) sub_FFC52014_my() {
      // Patched head of firmware routine sub_FFC52014, called from sub_FFC6CF5C_my with R0 = 3.
      // It repeats the original instructions up to the call to sub_FFC51C3C, calls the patched
      // sub_FFC51C3C_my instead, and jumps to 0xffc5206c so the remainder (kept below as a
      // comment) runs from ROM and pops the registers pushed here.
  439  asm volatile (
  440         "STMFD   SP!, {R4-R8,LR}\n"
  441         "MOV     R8, R0\n"
  442         "BL      sub_FFC51F94\n"
  443         "LDR     R1, =0x33688\n"
  444         "MOV     R6, R0\n"
              // R4 = 0x33688 + (R0 << 7): a 128-byte record selected by the value sub_FFC51F94
              // returned (presumably one record per storage device - confirm).
  445         "ADD     R4, R1, R0,LSL#7\n"
  446         "LDR     R0, [R4,#0x6C]\n"
  447         "CMP     R0, #4\n"
              // When the field at +0x6C is 4, sub_FFC0F5E8(0xFFC51AD4, 0x817) is called
              // (presumably an assertion with file name and line number - confirm).
  448         "LDREQ   R1, =0x817\n"
  449         "LDREQ   R0, =0xFFC51AD4\n"
  450         "BLEQ    sub_FFC0F5E8\n"
  451         "MOV     R1, R8\n"
  452         "MOV     R0, R6\n"
  453         "BL      sub_FFC5184C\n"
  454         "LDR     R0, [R4,#0x38]\n"
  455         "BL      sub_FFC526B4\n"
  456         "CMP     R0, #0\n"
  457         "STREQ   R0, [R4,#0x6C]\n"
  458         "MOV     R0, R6\n"
  459         "BL      sub_FFC518DC\n"
  460         "MOV     R0, R6\n"
  461         //"BL      sub_FFC51C3C\n"
  462                 "BL      sub_FFC51C3C_my\n" //------------->
  463         "LDR     PC, =0xffc5206c\n" // jump back to firmware
  464 /*
  465         "MOV     R5, R0\n"
  466         "MOV     R0, R6\n"
  467         "BL      sub_FFC51E6C\n"
  468         "LDR     R6, [R4,#0x3C]\n"
  469         "AND     R7, R5, R0\n"
  470         "CMP     R6, #0\n"
  471         "LDR     R1, [R4,#0x38]\n"
  472         "MOVEQ   R0, #0x80000001\n"
  473         "MOV     R5, #0\n"
  474         "BEQ     loc_FFC520C4\n"
  475         "MOV     R0, R1\n"
  476         "BL      sub_FFC513C4\n"
  477         "CMP     R0, #0\n"
  478         "MOVNE   R5, #4\n"
  479         "CMP     R6, #5\n"
  480         "ORRNE   R0, R5, #1\n"
  481         "BICEQ   R0, R5, #1\n"
  482         "CMP     R7, #0\n"
  483         "BICEQ   R0, R0, #2\n"
  484         "ORREQ   R0, R0, #0x80000000\n"
  485         "BICNE   R0, R0, #0x80000000\n"
  486         "ORRNE   R0, R0, #2\n"
  487 "loc_FFC520C4:\n"
  488         "CMP     R8, #7\n"
  489         "STR     R0, [R4,#0x40]\n"
  490         "LDMNEFD SP!, {R4-R8,PC}\n"
  491         "MOV     R0, R8\n"
  492         "BL      sub_FFC51FE4\n"
  493         "CMP     R0, #0\n"
  494         "LDMEQFD SP!, {R4-R8,LR}\n"
  495         "LDREQ   R0, =0xFFC52110\n"
  496         "BEQ     sub_FFC01780\n"
  497         "LDMFD   SP!, {R4-R8,PC}\n"
  498 */
  499  );
  500 }; 
 501 
  502 void __attribute__((naked,noinline)) sub_FFC51C3C_my() {
      // Patched head of firmware routine sub_FFC51C3C, called from sub_FFC52014_my with the
      // record index in R0. Returns 1 at once when bit 1 of the record's +0x6C field is already
      // set; otherwise calls the patched partition reader sub_FFC5195C_my with R0 = [record+0x38]
      // and R1 = index, then jumps to 0xffc51c68 so the rest (kept below as a comment) runs from ROM.
  503 
  504  asm volatile (
  505         "STMFD   SP!, {R4-R6,LR}\n"
  506         "MOV     R5, R0\n"
  507         "LDR     R0, =0x33688\n"
              // R4 = 0x33688 + (index << 7): the same 128-byte record layout used in sub_FFC52014_my.
  508         "ADD     R4, R0, R5,LSL#7\n"
  509         "LDR     R0, [R4,#0x6C]\n"
  510         "TST     R0, #2\n"
  511         "MOVNE   R0, #1\n"
  512         "LDMNEFD SP!, {R4-R6,PC}\n"
  513         "LDR     R0, [R4,#0x38]\n"
  514         "MOV     R1, R5\n"
  515                 //"BL      sub_FFC5195C\n"
  516         "BL      sub_FFC5195C_my\n" // ------------------>
  517         "LDR     PC,=0xffc51c68\n" // jump back to fw
  518 /*
  519         "CMP     R0, #0\n"
  520         "LDRNE   R0, [R4,#0x38]\n"
  521         "MOVNE   R1, R5\n"
  522         "BLNE    sub_FFC51AF8\n"
  523         "LDR     R2, =0x33708\n"
  524         "ADD     R1, R5, R5,LSL#4\n"
  525         "LDR     R1, [R2,R1,LSL#2]\n"
  526         "CMP     R1, #4\n"
  527         "BEQ     loc_FFC51C9C\n"
  528         "CMP     R0, #0\n"
  529         "LDMEQFD SP!, {R4-R6,PC}\n"
  530         "MOV     R0, R5\n"
  531         "BL      sub_FFC51454\n"
  532 "loc_FFC51C9C:\n"
  533         "CMP     R0, #0\n"
  534         "LDRNE   R1, [R4,#0x6C]\n"
  535         "ORRNE   R1, R1, #2\n"
  536         "STRNE   R1, [R4,#0x6C]\n"
  537         "LDMFD   SP!, {R4-R6,PC}\n"
  538 */
  539  );
  540 };
 541 
 542 
  543 void __attribute__((naked,noinline)) sub_FFC5195C_my() {
      // Patched copy of firmware routine sub_FFC5195C (complete, it does not jump back into ROM).
      // Called from sub_FFC51C3C_my with R0 = [record+0x38] and R1 = record index. For most
      // device types it reads one 0x200-byte sector (the MBR) through a function pointer, picks a
      // partition entry, validates it and stores the partition start and length in the record.
      // CHDK change: instead of always using the first partition entry, DataGhost's code selects
      // the first entry whose type is 0x0B or 0x0C (FAT32) and whose status byte is 0x00 or 0x80.
      // Everything read from the sector comes from the removable card and is untrusted input;
      // the checks below are the only validation applied to it in this routine.
      // Returns 0 when the buffer or the read fails, otherwise 1.
  544  asm volatile ( 
  545         "STMFD   SP!, {R4-R10,LR}\n"
  546         "MOV     R9, R0\n"
  547         "LDR     R0, =0x33688\n"
  548         "MOV     R8, #0\n"
              // R5 = 0x33688 + (index << 7): the 128-byte record for this device.
  549         "ADD     R5, R0, R1,LSL#7\n"
  550         "LDR     R0, [R5,#0x3C]\n"
  551         "MOV     R7, #0\n"
  552         "CMP     R0, #7\n"
  553         "MOV     R6, #0\n"
              // Jump table on the value at record+0x3C: PC reads as this instruction + 8, so value 0
              // lands on loc_FFC51988. Values above 7 fall through to the branch to loc_FFC51AB4.
              // 0 -> return 0; 5 -> length 0x40 without reading; 1-4, 6, 7 -> read the MBR.
  554         "ADDLS   PC, PC, R0,LSL#2\n"
  555         "B       loc_FFC51AB4\n"
  556 "loc_FFC51988:\n"
  557         "B       loc_FFC519C0\n"
  558 "loc_FFC5198C:\n"
  559         "B       loc_FFC519A8\n"
  560 "loc_FFC51990:\n"
  561         "B       loc_FFC519A8\n"
  562 "loc_FFC51994:\n"
  563         "B       loc_FFC519A8\n"
  564 "loc_FFC51998:\n"
  565         "B       loc_FFC519A8\n"
  566 "loc_FFC5199C:\n"
  567         "B       loc_FFC51AAC\n"
  568 "loc_FFC519A0:\n"
  569         "B       loc_FFC519A8\n"
  570 "loc_FFC519A4:\n"
  571         "B       loc_FFC519A8\n"
  572 "loc_FFC519A8:\n"
              // sub_FFC6715C(2, 0x200, 0): presumably obtains a 0x200-byte sector buffer; a zero
              // result leads to the "return 0" path.
  573         "MOV     R2, #0\n"
  574         "MOV     R1, #0x200\n"
  575         "MOV     R0, #2\n"
  576         "BL      sub_FFC6715C\n"
  577         "MOVS    R4, R0\n"
  578         "BNE     loc_FFC519C8\n"
  579 "loc_FFC519C0:\n"
  580         "MOV     R0, #0\n"
  581         "LDMFD   SP!, {R4-R10,PC}\n"
  582 "loc_FFC519C8:\n"
              // Call the function pointer at record+0x50 with (R9, 0, 1, buffer): presumably reads
              // one sector at LBA 0 into the buffer. A result of 1 is treated as failure: the
              // buffer is released through sub_FFC672A8(2) and the routine returns 0.
  583         "LDR     R12, [R5,#0x50]\n"
  584         "MOV     R3, R4\n"
  585         "MOV     R2, #1\n"
  586         "MOV     R1, #0\n"
  587         "MOV     R0, R9\n"
  588         "BLX     R12\n"
  589         "CMP     R0, #1\n"
  590         "BNE     loc_FFC519F4\n"
  591         "MOV     R0, #2\n"
  592         "BL      sub_FFC672A8\n"
  593         "B       loc_FFC519C0\n"
  594 "loc_FFC519F4:\n"
              // Call the function pointer at record+0x64 with R9; per the comment below, R0 then
              // holds the total sector count of the device and must survive until the range check.
  595         "LDR     R1, [R5,#0x64]\n"
  596         "MOV     R0, R9\n"
  597         "BLX     R1\n"
  598                 
              // R1 is set up for the disabled mbr_read_dryos call only; it is overwritten by
              // "MOV R1, #1" a few lines further down.
  599                "MOV   R1, R4\n"           //  pointer to MBR in R1
  600 //                              "BL    mbr_read_dryos\n"   //  total sectors count in R0 before and after call
  601 
  602                 // Start of DataGhost's FAT32 autodetection code
  603                 // Policy: If there is a partition which has type W95 FAT32, use the first one of those for image storage
  604                 // According to the code below, we can use R1, R2, R3 and R12.
  605                 // LR wasn't really used anywhere but for storing a part of the partition signature. This is the only thing
  606                 // that won't work with an offset, but since we can load from LR+offset into LR, we can use this to do that :)
                      // The loop visits at most the four 16-byte entries at buffer+0x1BE, so every
                      // access stays inside the 0x200-byte sector. R12 is advanced by 0x10 per entry,
                      // which lets the unchanged firmware offsets (0x1BE, 0x1C6...) address entry N.
  607                 "MOV     R12, R4\n"                    // Copy the MBR start address so we have something to work with
  608                 "MOV     LR, R4\n"                     // Save old offset for MBR signature
  609                 "MOV     R1, #1\n"                     // Note the current partition number
  610                 "B       dg_sd_fat32_enter\n"          // We actually need to check the first partition as well, no increments yet!
  611            "dg_sd_fat32:\n"
  612                 "CMP     R1, #4\n"                     // Did we already see the 4th partition?
  613                 "BEQ     dg_sd_fat32_end\n"            // Yes, break. We didn't find anything, so don't change anything.
  614                 "ADD     R12, R12, #0x10\n"            // Second partition
  615                 "ADD     R1, R1, #1\n"                 // Second partition for the loop
  616            "dg_sd_fat32_enter:\n"
  617                 "LDRB    R2, [R12, #0x1BE]\n"          // Partition status
  618                 "LDRB    R3, [R12, #0x1C2]\n"          // Partition type (FAT32 = 0xB)
  619                 "CMP     R3, #0xB\n"                   // Is this a FAT32 partition?
  620                 "CMPNE   R3, #0xC\n"                   // Not 0xB, is it 0xC (FAT32 LBA) then?
  621                 "BNE     dg_sd_fat32\n"                // No, it isn't.
  622                 "CMP     R2, #0x00\n"                  // It is, check the validity of the partition type
  623                 "CMPNE   R2, #0x80\n"
  624                 "BNE     dg_sd_fat32\n"                // Invalid, go to next partition
  625                                                        // This partition is valid, it's the first one, bingo!
  626                 "MOV     R4, R12\n"                    // Move the new MBR offset for the partition detection.
  627                 
  628            "dg_sd_fat32_end:\n"
  629                 // End of DataGhost's FAT32 autodetection code                           
  630                 
  631                 
              // Firmware parsing of the selected entry (R4-relative): R1 = little-endian start
              // sector from bytes 0x1C6..0x1C9, R3 = little-endian sector count from 0x1CA..0x1CD,
              // R2 = status byte at 0x1BE.
  632         "LDRB    R1, [R4,#0x1C9]\n"
  633         "LDRB    R3, [R4,#0x1C8]\n"
  634         "LDRB    R12, [R4,#0x1CC]\n"
  635         "MOV     R1, R1,LSL#24\n"
  636         "ORR     R1, R1, R3,LSL#16\n"
  637         "LDRB    R3, [R4,#0x1C7]\n"
  638         "LDRB    R2, [R4,#0x1BE]\n"
  639         //"LDRB    LR, [R4,#0x1FF]\n" // replaced, see below
  640         "ORR     R1, R1, R3,LSL#8\n"
  641         "LDRB    R3, [R4,#0x1C6]\n"
              // Status must be 0x00 or 0x80. The flags set here are consumed by the BNE at
              // line 655; none of the instructions in between has an S suffix, so they stay live.
  642         "CMP     R2, #0\n"
  643         "CMPNE   R2, #0x80\n"
  644         "ORR     R1, R1, R3\n"
  645         "LDRB    R3, [R4,#0x1CD]\n"
  646         "MOV     R3, R3,LSL#24\n"
  647         "ORR     R3, R3, R12,LSL#16\n"
  648         "LDRB    R12, [R4,#0x1CB]\n"
  649         "ORR     R3, R3, R12,LSL#8\n"
  650         "LDRB    R12, [R4,#0x1CA]\n"
  651         "ORR     R3, R3, R12\n"
  652         //"LDRB    R12, [R4,#0x1FE]\n" // replaced, see below
              // The signature is read relative to LR (the sector start), not R4, because R4 may
              // have been advanced to a later partition entry by the autodetection code.
  653         "LDRB    R12, [LR,#0x1FE]\n"        // New! First MBR signature byte (0x55)
  654         "LDRB    LR, [LR,#0x1FF]\n"         //      Last MBR signature byte (0xAA)      
  655         "BNE     loc_FFC51A80\n"
              // Range checks against the total sector count in R0: reject when total < start,
              // then require start + count <= total and the 0x55 0xAA signature.
              // NOTE(review): start + count is a 32-bit ADD with no carry check, so an entry whose
              // sum wraps around would still satisfy the LS comparison. The values come from the
              // card's MBR; comparing count against (total - start) instead would avoid the wrap.
  656         "CMP     R0, R1\n"
  657         "BCC     loc_FFC51A80\n"
  658         "ADD     R2, R1, R3\n"
  659         "CMP     R2, R0\n"
  660         "CMPLS   R12, #0x55\n"
  661         "CMPEQ   LR, #0xAA\n"
              // All checks passed: R7 = start sector, R6 = sector count, R4 = 1 (entry accepted).
  662         "MOVEQ   R7, R1\n"
  663         "MOVEQ   R6, R3\n"
  664         "MOVEQ   R4, #1\n"
  665         "BEQ     loc_FFC51A84\n"
  666 "loc_FFC51A80:\n"
              // Entry rejected: R4 = 0 (R8 was cleared at the top of the routine).
  667         "MOV     R4, R8\n"
  668 "loc_FFC51A84:\n"
  669         "MOV     R0, #2\n"
  670         "BL      sub_FFC672A8\n"
  671         "CMP     R4, #0\n"
  672         "BNE     loc_FFC51AC0\n"
              // Fallback for a rejected entry: start = 0 and length = value returned by the
              // function pointer at record+0x64 (the whole device, per the comment at line 600).
  673         "LDR     R1, [R5,#0x64]\n"
  674         "MOV     R7, #0\n"
  675         "MOV     R0, R9\n"
  676         "BLX     R1\n"
  677         "MOV     R6, R0\n"
  678         "B       loc_FFC51AC0\n"
  679 "loc_FFC51AAC:\n"
  680         "MOV     R6, #0x40\n"
  681         "B       loc_FFC51AC0\n"
  682 "loc_FFC51AB4:\n"
              // Device type above 7: sub_FFC0F5E8(0xFFC51AD4, 0x572) is called (presumably an
              // assertion with file name and line number - confirm), then the result is stored anyway.
  683         "LDR     R1, =0x572\n"
  684         "LDR     R0, =0xFFC51AD4\n"
  685         "BL      sub_FFC0F5E8\n"
  686 "loc_FFC51AC0:\n"
              // Store the result: record+0x44 = R7 (start), with write-back so that STMIB then
              // writes R6 (length) at record+0x48 and R8 (0) at record+0x4C. Return 1.
  687         "STR     R7, [R5,#0x44]!\n"
  688         "STMIB   R5, {R6,R8}\n"
  689         "MOV     R0, #1\n"
  690         "LDMFD   SP!, {R4-R10,PC}\n"
  691 
  692  );
  693 }; 
 694 
